A VPN is now a necessity for anyone who values their privacy online. They prevent hackers, governments, corporations, and internet service providers from monitoring and tracing internet activity back to the user. All internet traffic is encrypted and tunneled through a remote server so that no one can track its destination or its contents.
Using a VPN requires a certain degree of trust in companies that operate these services. They could–and some have–monitor and analyze the traffic that passes through their servers. These companies can in turn be hacked, abused, or coerced into giving up private information about users.
Most VPN providers, even those that boast about their logless policy, do in fact store metadata logs on their servers. These can include a range of information about the nature of a customer’s VPN connections, but not the actual contents. Timestamps, bandwidth consumed, amount of data used, and even the original IP address of the user can all be logged by the VPN provider. In the hands of the FBI or a snooping hacker, this information could be valuable.
Likewise, VPN providers’ encryption standards are not always advertised in a straightforward manner. Most will inform you that they use either 256-bit or 128-bit AES for channel encryption, but can leave out information about how that channel was set up including RSA key exchange and authentication details.
In fact, several factors beyond a simple no-logging policy and strong transfer encryption can affect VPN users’ privacy. In this article, we’ll go beyond the often-advertised surface measures to dig deeper into the finer details that are often overlooked. Bear in mind that we still depend on the providers to be honest about the measures they take to protect user privacy, so for lack of a better method we just have to take them at their word. More on methodology below.
We scored each VPN provider’s privacy protections out of 19 possible points based on the following criteria:
- Traffic logging policy (2 points): No traffic logs of any sort whatsoever. Traffic logs refer to records of user activity and the content they viewed while using the VPN.
- Metadata logging policy (2 points): We are primarily concerned with logs that contain the source IP of users. We do not deduct points for bandwidth or timestamp logs, which contain no identifying information.
- VPN protocol (1 point): Must use a secure VPN protocol such as OpenVPN, L2TP, SSTP, or IKEv2.
- Channel encryption (1 point): Must use the AES 128-bit algorithm or higher.
- Authentication protocol (1 point): Must be SHA256 or better. SHA1 has vulnerabilities, but HMAC SHA1 is arguably still safe and doesn’t suffer from collisions, so points are not deducted for HMAC SHA1.
- Key exchange (1 point): RSA and DH keys must be 2,048-bit or higher.
- Perfect forward secrecy (1 point): Session keys cannot be compromised even if the private key of the server is compromised.
- DNS leak protection (1 point): DNS leak protection must be built into the provider’s apps.
- WebRTC leak prevention (1 point): WebRTC leak prevention must be built into the provider’s apps.
- IPv6 leak prevention (1 point): IPv6 leak prevention must be built into the provider’s apps.
- Kill switch (2 points): A kill switch that halts traffic when the VPN connection drops is a must. We award one point for having a kill switch on desktop (MacOS and Windows) apps, and one point for having it on mobile (iOS and Android) apps.
- Private DNS servers (1 point): The provider must operate its own DNS servers and not route DNS requests through the default ISP or a public provider such as OpenDNS or Google DNS.
- Servers (1 point): We are primarily concerned with whether servers are virtual or physical. Physical server are preferred. We did not deduct points based on whether a server is owned or rented, as there are arguments to be made for both.
- Anonymous payment methods (1 point): Accepting Bitcoin as payment earns the point, but we also made note of those who accept gift vouchers and other cryptocurrencies.
- Torrenting policy (1 point): Downloading via BitTorrent must be allowed.
- Country of incorporation (1 point): A point is awarded if the VPN is incorporated outside of the 14 Eyes: Australia, Canada, New Zealand, the United Kingdom, United States, Denmark, France, Netherlands, Norway, Germany, Belgium, Italy, Sweden, and Spain.
We’ve outlined each VPN’s performance in one big table below. Each VPN is scored and summarized in more detail further down, in no particular order.
|VPN||Do you store any traffic logs?||What metadata logs do you store?||VPN protocol (default)||Channel encryption||Authentication hash||Key exchange||Perfect forward secrecy?||DNS leak protection?||WebRTC leak protection?||IPv6 leak protection?||Kill switch?||Private DNS servers?||Own or lease servers?||Physical or virtual servers?||Customer service||Torrenting allowed?||Country of incorporation||Bitcoin accepted?|
|AirVPN||No||None||OpenVPN||256-bit AES||HMAC SHA384||4096-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, desktop only||Yes||Leased||Physical||In house||Yes||Italy||Yes|
|BolehVPN||No||None||OpenVPN||256-bit AES-CBC||HMAC SHA512||4096-bit RSA||Yes||Yes||No||Yes||Yes, on all platforms||Yes||Leased||Mixed||Zendesk*||Yes||Seychelles||Yes|
|CyberGhost||No||None*||OpenVPN||256-bit AES||SHA256||2048-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, on all platforms||Yes||Mixed||Physical||Third-party platform||Yes||Romania||Yes|
|ExpressVPN||No||Datestamp, server location, amount of data||OpenVPN||256-bit AES||SHA512||4096-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, on desktop only||Yes||Leased||Physical||Third-party platform||Yes||British Virgin Islands||Yes|
|Goose VPN||No||Datestamp, OS||IKEv2||256-bit AES||?||2048-bit DHE-RSA||Yes||No||No||No||Yes, on desktop only||No||?||?||LiveChat||Yes||Netherlands||No|
|Hide My Ass!||No||Username, timestamps, amount of data, IP address, server IP||OpenVPN||256-bit AES||SHA256||2048-bit Diffie-Hellman||No||Yes||No||Yes||All except Windows||Windows only||Mixed||Mixed||Zendesk||Yes||UK||No|
|hide.me VPN||No||None||OpenVPN||256-bit AES||HMAC SHA256||8192-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, on desktop only||Yes||Leased||Physical||Third-party platform||Yes||Malaysia||Yes|
|Hotspot Shield||Ad injection, cookies||Timestamps, bandwidth, IP address||Hydra||128-bit AES||?||2048-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, on desktop only||No||?||?||Third-party platform||Yes||United States||No|
|ibVPN||No||None||OpenVPN||256-bits AES-CBC||HMAC SHA512||2048-bit RSA||Yes||Yes||Yes||Yes||Yes, on desktop only||Yes||Mixed||Mixed||Third-party platform||Yes||Romania||Yes|
|IPVanish||No||No||OpenVPN||256-bit AES||SHA512||2048-bit DHE-RSA||Yes||Yes||No||Yes||Yes, on desktop only||Yes||Owned||Physical||Third-party platform||Yes||United States||No|
|Ivacy||No||None||IKEv2||256-bit AES||?||2048-bit DHE-RSA||Yes||Yes||Yes||Yes||Windows only||Yes||?||?||Third-party platform||Yes||Singapore||Yes|
|Keenow Unblocker||No||Bandwidth, timestamps, IP address||OpenVPN||256-bit AES-GCM||SHA512||2048-bit ECDHE-RSA||Yes||Yes||Yes||Yes||Yes, on all platforms||Yes||Leased||Mixed||In house||Yes||Israel||Yes|
|LiquidVPN||No||Server, # of logins, bandwidth||OpenVPN||256-bit AES||SHA512||4096-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, on desktop only||Yes||Leased||Physical||In house||Yes||United States||Yes|
|Mullvad VPN||No||None||Wireguard, OpenVPN||256-bit AES||SHA512||4096 bit Diffie-Hellman||Yes||Yes||No||Yes||Yes, on all platforms||Yes||Mixed||Physical||In house||Yes||Sweden||Yes|
|NordVPN||No||None||IKEv2, OpenVPN||256-bit AES||SHA384||3072-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, excluding Android||Yes||Leased||Physical||Third-party platform||Yes||Panama||Yes|
|OneVPN||No||Bandwidth consumed, Timestamps, User Credentials, and IP address||OpenVPN||256-bit AES||SHA384||RSA 4096||Yes||Yes||Yes||Yes||Yes, on all platforms||Yes||Leased||Mixed||In house||Yes||Hong Kong||Yes|
|Private Internet Access||No||None||OpenVPN||256-bit AES||SHA256||4096-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, on all platforms||Yes||Leased||Physical||In house||Yes||United States||Yes|
|PrivateVPN||No||None||OpenVPN||256-bit AES||SHA256||2048-bit DHE-RSA||Yes||Yes||Yes||Yes||Windows only||Yes||?||?||LiveAgent||Yes||Sweden||Yes|
|ProtonVPN||No||Login timestamp||OpenVPN||256-bit AES||SHA512||2048-bit RSA||Yes||Yes||Yes||Yes||All platforms except Android||Yes||Mixed||Physical||Zendesk||Yes||Switzerland||Yes|
|PureVPN||No||Datestamps, server location, ISP||L2TP||256-bit AES||SHA256||2048-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, on all platforms||Yes||Leased||Mixed||LiveChat||Yes||HongKong||Yes|
|SaferVPN||No||Bandwidth Consumed, Timestamps||IKEv2||256-bit AES||SHA256||4096-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, on all platforms||Yes||Mixed||Mixed||Third-party platform||Yes||Israel||Yes|
|Speedify||No||IP address||Custom||256-bit ChaCha||SHA256||?||Yes||Yes||Yes||?||Yes, on Windows and Android||No||?||?||?||Yes||United States||No|
|StrongVPN||No||None||IKEv2, OpenVPN||256-bit AES||SHA512||2048-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, desktop only||Yes||Owned||Physical||Third-party platform||Yes||United States||No|
|Surfeasy||"Temporary usage data", destination IP||Bandwidth, IP address, in-app analytics||OpenVPN||128-bit Blowfish||SHA256||1024-bit RSA||Yes||Yes||Yes||?||No||Yes||?||?||Zendesk||Yes||Canada||Yes|
|TigerVPN||No||Amount of data, timestamps||OpenVPN||256-bit AES||SHA512||4096-bit RSA||No||Yes||No||No||No||Yes||Mixed||Mixed||Third-party platform||Yes||Slovakia||Yes|
|TorGuard||No||None||OpenVPN||256-bit AES||SHA512||4096-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, excluding Android||Yes||Mixed||Mixed||In house||Yes||United States||Yes|
|Tunnelbear||No||Timestamps, bandwidth, OS||OpenVPN||256-bit AES||SHA256*||2048-bit DH-RSA||Yes||Yes||Yes||Yes||Yes, excluding iOS||Yes||Leased||Virtual||In house||No||Canada||Yes|
|VyprVPN||No||IP address, server IP, connection timestamps, amount of data||OpenVPN, Chameleon||AES-256-CBC||SHA256||2048-bit DHE-RSA||Yes||Yes||No||No||Yes, on desktop only||Yes||Owned||Mixed||Third-party platform||Yes*||Switzerland||No|
|Windscribe||No||Bandwidth used in 30 day period||OpenVPN||AES-256-GCM||SHA512||4096-bit DHE-RSA||Yes||Yes||Yes||Yes||Yes, on desktop only||Yes||Leased||Physical||In house||Yes||Canada||Yes|
|Zenmate||No||IP address, OS, timestamps||OpenVPN||256-bit AES||SHA256||2048-bit RSA||Yes||Yes||Yes||Yes||Yes, Windows only||No||?||?||Zendesk||Yes||Germany||No|
ExpressVPN keeps no traffic logs but does retain some metadata logs including « dates (not times) when connected to our service, choice of server location, and the total amount of data transferred per day. »
OpenVPN connections encrypted with 256-bit AES-CBC are the default. 4,096-bit DHE-RSA certificates are identified by SHA-512 hashing algorithm. HMAC authentication and perfect forward secrecy are both utilized.
DNS leak protection works but might require you to disable IPv6 on the client device. A kill switch, called a « network lock » in ExpressVPN parlance, halts all internet traffic when the connection unexpectedly drops. ExpressVPN uses its own DNS servers by default but customers can opt to use their own. ExpressVPN has some of the most robust leak protection available including WebRTC leak prevention.
The company is incorporated in the British Virgin Islands, which does not fall under UK jurisdiction. It accepts Bitcoin as payment and even has a .onion site where Tor users can sign up anonymously. Torrenting is allowed on all servers.
ExpressVPN says it does receive subpoenas on occasion, but because it is a no log VPN provider, it does not possess information that can link an IP address or timestamp to a customer.
ExpressVPN rents physical servers around the world. Hard drives are encrypted and a unique key is used on every server.
Customers interact with ExpressVPN through SnapEngage and ZenDesk, but the company says those external providers have no access to customer information.
NordVPN does not keep logs of any sort on customers. Neither traffic nor session logs of any kind, making it one of the few providers with a true zero logs policy.
On Windows and Android, the OpenVPN protocol includes 256-bit AES encryption and 2,048-bit DH keys.
The MacOS and iOS apps use the IKEv2 protocol by default. Perfect forward secrecy is available on the IKEv2 protocol. The IKEv2 option for Macbooks, iPhones, and iPads uses 3,072-bit DH keys, 256-AES-GCM, and SHA2-384 authentication. These are the specs represented in the chart and table.
DNS leak protection is enabled by default, and NordVPN operates its own DNS servers that users can optionally use. All apps except for Android include a process-specific kill switch that will only block traffic on specified applications when the connection drops. Alternatively, a second all-or-nothing kill switch prevents leaks of all types in all scenarios.
The company is incorporated in Panama. It accepts Bitcoin as payment. Torrenting is allowed on all servers. Extra security features include a double-hop VPN, which routes the user’s connection through two VPNs instead of one. Tor over VPN servers send your internet traffic through the Tor Network after exiting the VPN server.
NordVPN tells us it has received multiple official requests for information, but had none to give due to its no-logs policy. In at least one case, servers were confiscated, but NordVPN says there was nothing on the servers that could incriminate users.
NordVPN says it uses a hybrid model for server acquisition in which some are rented and some are purchased. All servers are physical.
NordVPN uses third-party newsletter and live chat tools to facilitate customer support. It says only customer email addresses are available to these external providers.
VyprVPN logs « the user’s source IP address, the VyprVPN IP address used by the user, connection start and stop time and total number of bytes used. » The most troubling is the user’s source IP, which could be linked to his or her identity through the ISP. This information is retained for 30 days. VyprVPN told Comparitech, « We do not log a user’s traffic or the content of any communications, or perform both shallow and deep packet inspections. »
VyprVPN connections use the OpenVPN protocol, 256-bit AES encryption, 2,048-bit RSA keys with perfect forward secrecy, and SHA256 authentication.
DNS servers are included in the package, and DNS leak protection is built in. A kill switch halts all internet traffic if the connection drops. For an extra fee, VyprVPN subscribers can avail of the « Chameleon » protocol, which scrambles OpenVPN metadata so deep packet inspection cannot recognize it.
The company is incorporated in Switzerland. VyprVPN has, in the past, taken a hardline stance against torrenting, and in some cases users reported their accounts being disabled or terminated for doing so. However, as of 2018, VyprVPN tells Comparitech it does allow torrenting.
VyprVPN owns its own servers. It’s one of the few providers that owns its own data centers in every location around the world rather than renting rackspace from third party hosting services.
The company provisioning, billing, and database systems were developed and stored in house, but it partners with third parties for email and support.
StrongVPN says it keeps no logs of any sort.
StrongVPN’s new apps use IKEv2 by default, but says its OpenVPN option is more secure, so we’ve used the OpenVPN specs in the table and chart. OpenVPN connections use AES-256-CBC channel encryption, 2048-bit Diffie Hellman RSA keys, SHA256 authentication, and perfect forward secrecy.
IKEv2 connections use AES-256 channel encryption, 8192-bit Diffie Hellman MODP keys, SHA512 authentication, and perfect forward secrecy.
DNS, IPv6, and WebRTC leak protection works, and StrongVPN operates its own DNS servers. A kill switch can be enabled in the settings.
StrongVPN’s parent company is based in San Francisco, California. The company accepts Bitcoin payments. Torrenting is tolerated on all servers.
The company owns all of its own physical servers and does not rent from third parties.
The desktop and mobile apps both include a « scramble » feature that obfuscates encrypted traffic to make it look like normal, decrypted traffic.
Strong VPN does use external providers for email. Email addresses and language preferences are stored—no personally-identifiable information is kept.
Other than when an account is first registered, IPVanish keeps no record or log of VPN use on its users.
It uses 256-bit encryption on the OpenVPN protocol by default, SHA512 authentication, and a DHE-RSA 2048-bit key exchange with perfect forward secrecy.
The company operates its own DNS servers and DNS leak protection is built in, as is a kill switch. It still lacks WebRTC leak prevention.
The company is based in the United States. Bitcoin is an acceptable payment method. Torrenting is tolerated on all servers.
IPVanish is one of very few providers that owns and operates all of its physical hardware, rather than renting it from a third party.
Users can specify how often they would like their IP address to change and use a « scramble » feature to obfuscate encrypted traffic.
IPV uses external email providers, and the only information on hand is users’ email addresses. No customer information is stored or accessible.
LiquidVPN records zero traffic logs and pretty minimal metadata logs including last VPN logged into, the total number of logins, and bandwidth used.
OpenVPN with 256-bit AES encryption comes standard, although other protocols are available. That’s paired with super-secure 4096-bit RSA keys and perfect forward secrecy. Keys are refreshed every 30 minutes by default.
The company operates its own DNS servers, which can also be used as a separate smart DNS proxy service (LiquidDNS). DNS leak protection is effective. A kill switch, dubbed « Liquid Lock » functions as both a kill switch and a firewall in which users can whitelist specific IP addresses and allow LAN traffic.
The company is based in the US. Torrenting is tolerated on all servers. Users can choose from three « topographies »: static, shared, or modulating IP address. When using the « modulating IP address » topology, the user’s shared IP address changes each time they connect to a different web server.
LiquidVPN rents bare metal servers in countries that do not force data centers to monitor or log traffic.
A warrant canary is updated weekly on its website, though LiquidVPN tells us it has not received any subpoenas or other official requests for customer information as of press time.
Email and customer service is all hosted in house on the company’s servers.
Private Internet Access
PIA is one of the few VPN providers that keeps no logs whatsoever, neither traffic nor metadata.
OpenVPN, 256-bit AES encryption, SHA256 authentication, and 4,096-bit RSA keys make up the strongest possible combination, but other algorithms and protocols are available.
A kill switch and DNS leak protection can both be enabled in the settings. The company operates its own DNS servers. WebRTC and IPv6 leak protection come built in as well. A kill switch is available on both desktop and mobile apps.
Customers can pay with Bitcoin and certain gift cards.
Around March 2016, the FBI sent a subpoena to PIA to learn information about a suspected criminal. The company gave up no useful data according to the FBI report. PIA says it does receive subpoenas and court orders but has no logs to provide.
The company is based in the United States. Torrenting is allowed on all servers. Port forwarding is built into the desktop and mobile apps.
PureVPN records the dates you connect to a server, that server’s location (not IP), and your ISP. The ISP metadata might be a concern for some, as it requires looking up an IP address and could be considered to be identifying information, so we docked one point for that.
256-bit AES encrypted L2TP/IPSec is the strongest protocol available in the app, although OpenVPN can be configured manually in a third-party app. SHA256 is used for authentication, backed by a 2048-bit DHE-RSA key.
DNS leak protection and a kill switch come built into all PureVPN apps. The company operates its own DNS servers. It claims to prevent WebRTC and IPv6 leaks as well.
PureVPN is based in Hong Kong. It accepts Bitcoin, gift cards, and a wealth of other online payment systems. Torrenting is allowed on all servers, and the app will even show you which servers are best suited for file sharing.
PureVPN leases a mix of virtual and physical servers.
For customer support, PureVPN says it uses « services that are GDPR compliant. » LiveChat is used on its website.
HideMyAss says it does not log the contents of users’ traffic, but it does admit to recording metadata logs including username, timestamp, source IP, and the IP of the server connected to. The company tells Comparitech, « We do log the IP address you are given by us to access our servers. This information is kept for 3 months and is a legal requirement to work with local laws and regulations. We 100% cannot see anything you do online with this IP address or track any of your activity. After 3 months this info is gone forever. »
AES-256 encryption is used with the OpenVPN protocol, secured with a 2048-bit DH-RSA key. SHA256 is used for authentication. Perfect forward secrecy is not supported.
The app does have built-in DNS leak protection, but only Windows users can utilize HMA’s private DNS servers, directing all other DNS requests through OpenDNS. WebRTC leak prevention is also absent. The Windows app does not have a kill switch but does allow IP binding. The rest of the apps are equipped with normal kill switches.
HMA is based in the UK, which just passed some of the most intrusive internet surveillance laws in the world. The company accepts Bitcoin. Torrenting is apparently allowed but we wouldn’t recommend it.
Customer service is handled through a third-party provider, Zendesk.
AirVPN boasts a true zero logs policy and therefore stores no traffic or session data.
With its most secure settings enabled, the app uses OpenVPN, 256-bit AES-CBC encryption, HMAC SHA-1 or HMAC SHA384, and 4,096-bit RSA keys negotiated on the hour and each time a new connection is established. This ensures perfect forward secrecy, and the RSA re-keying time can be lowered.
DNS leak protection and a kill switch come built in. AirVPN operates its own DNS servers. WebRTC and IPv6 leaks are also plugged.
The company is incorporated in Italy, a 14 Eyes country. It accepts bitcoin and several other cryptocurrencies as well as gift vouchers. Torrenting is allowed on all servers. The app is stocked with robust security features including port forwarding and DDNS; VPN over SSH, SSL, and Tor; and obfuscation.
AirVPN rents physical servers from vetted data centers.
AirVPN uses an in-house ticket submission system and forums for customer support.
BolehVPN does not record any traffic or session logs whatsoever but for one exception: « We may turn on logs temporarily to identify abuse of our services (such as DoS or spamming through our servers). »
By default, the app uses OpenVPN, 256-bit AES channel encryption, 4,096-bit RSA keys with perfect forward secrecy, and SHA-512 HMAC authentication.
The company operates its own DNS servers and the app uses DNS leak protection. A kill switch, called « lock down » in the settings, is built in. Unfortunately, the apps don’t yet protect against WebRTC leaks. A kill switch is available on both mobile and desktop apps.
The company is based in Malaysia and incorporated in Seychelles. The BolehVPN app allows users to selectively route traffic through the VPN, obfuscate traffic, and route DNS traffic. Servers use a decentralized PKI infrastructure. Bitcoin and Dash are both accepted as payment.
The company posts a monthly warrant canary. In May 2016, authorities issued BolehVPN a request for information on one of its German servers, to which it did not comply, according to the warrant canary posted at that time.
BolehVPN says it uses Zendesk to deal with support queries but provides the option to send PGP-encrypted messages via email.
SaferVPN stores no traffic logs and has recently curtailed the amount of metadata it collects, to the benefit of users. Now, only timestamps and bandwidth consumed are logged.
The OpenVPN protocol uses 256-bit AES encryption, 4096-bit RSA keys with perfect forward secrecy, and SHA256 authentication.
DNS leak protection works well and SaferVPN operates its own DNS servers. The apps prevent WebRTC and IPv6 leaks. A kill switch is available on both desktop and mobile apps.
The company is based in Israel. SaferVPN accepts Bitcoin and a few third-party payment systems. SaferVPN eased up on its torrenting policy and now says use of BitTorrent is permitted.
SaferVPN tells Comparitech, « We are the only VPN provider that offers automatic Wi-Fi security for iOS, Android, Windows & Mac that activates VPN automatically everytime the device is being connected to an unsecured Wi-Fi even when the app is in the background and not active, or the phone is in locked mode. »
A third-party platform is used for customer service. A mix of physical and virtual servers make up the network.
TunnelBear collects some metadata including timestamps, bandwidth used, and operating system. It does not store traffic logs or user IP addresses.
OpenVPN is used on desktops, while IKEv2 is favored on supported mobile devices. AES-256-CBC is standard on Windows and Android, while AES-256-GCM is used on Apple and iOS apps. SHA256 authentication is used on all platforms except for Windows, which is stuck with the deprecated SHA1. Windows users should deduct an extra point for this. Depending on your device, the app will use either a 2048-bit (Windows), 3072-bit (MacOS, iOS), or 4096-bit Diffie Hellman key. Perfect forward secrecy is supported on OpenVPN.
DNS leak protection is built in, and TunnelBear now uses its own DNS servers instead of Google’s. The app includes a kill switch dubbed « Vigilant Bear », which has been upgraded to handle IPv6 and WebRTC leaks.
TunnelBear is based in Canada. It accepts Bitcoin. Torrenting is prohibited on TunnelBear servers and it disables common BitTorrent ports in lieu of logging.
TunnelBear leases virtual servers rather than physical ones.
All customer support and email is handled in house.
CyberGhost is the only company in 2018 to earn a perfect score. It keeps « no logs which enable interference with your IP address, the moment or content of your data traffic. » That makes it effectively logless both on the traffic and metadata fronts. Even payment and registration details are not logged, and instead users are given anonymous user IDs. CyberGhost tells us, « we are aware of how much bandwidth is consumed but this is not on a per-user basis, it is only as a whole on the entire server. »
Connections by default use OpenVPN, 256-bit AES encryption, 2,048-bit DHE-RSA keys with perfect forward secrecy, and SHA256 authentication.
DNS, IPv6, and WebRTC leak protection, and a kill switch are included in all of the apps. CyberGhost operates its own DNS servers.
The company is based in Romania. It publishes regular transparency reports to ensure privacy, which acts as a sort of warrant canary. Torrenting is tolerated, but the company urges customers to use P2P-optimized servers. CyberGhost accepts Bitcoin.
CyberGhost also includes an anti-fingerprinting tool that prevents advertisers and other entities from identifying users by their browser characteristics.
CyberGhost only uses physical servers, which are either leased or owned by the company. A third party platform is used for customer service.
OneVPN says it stores no activity logs but does keep metadata logs, including timestamps, user credentials, and IP address.
By default, connections are encrypted with 256-bit AES, SHA-384 authentication, and 4,096-bit RSA keys with perfect forward secrecy.
OneVPN says it prevents DNS, WebRTC, and IPv6 leaks, but we’re skeptical about the truthfulness of some of these claims. Kill switches are built into both mobile and desktop apps.
The company rents servers, which are a mix of physical and virtual hardware.
The company is based in Hong Kong. It accepts Bitcoin and some gift cards as payment. Torrenting is tolerated.
A company-owned dedicated email server is used to communicate with customers.
TigerVPN does not store traffic logs but does log time spent on the VPN and the amount of data transferred. It also records the user’s IP address upon payment, but not in session logs.
OpenVPN connections use 256-bit AES channel encryption, 4,096-bit RSA keys without perfect forward secrecy, and SHA512 authentication.
TigerVPN’s app does not have a kill switch. The company operates its own DNS servers and DNS leak protection comes built in.
The company is headquartered in Slovakia, which is part of the European Union. Bitcoin is accepted. Torrenting is tolerated on all servers.
TigerVPN says it owns physical servers in most locations, but sometimes resorts to rented virtual instances where it cannot import hardware. A representative tells us these dedicated virtual machines are not shared with other clients and run a special version of bespoke software that will identify if anything is going on with the server. No data is stored on these machines.
The company has not yet been confronted with a subpoena or court order. It it is, TigerVPN will first consult its lawyers. But because logs do not contain IP addresses and IP addresses are shared, there is no identifying information on customers.
The ticket submission system is provided by a third party. TigerVPN says email addresses and internal ticket IDs are stored there, but nothing else as far as customer data.
Canada-based SurfEasy is a bit of a black box. The company did not respond to our security questionnaire, and there’s a dearth of reliable, up to date specs for the VPN.
Encryption specs are also hard to come by, but through secondary sources, we surmised SurfEasy uses 128-bit Blowfish with 1024-bit RSA keys, which is deprecated and not secure. At least it uses SHA256 for authentication. It does appear to have perfect forward secrecy.
DNS and WebRTC leak prevention seem to function as expected, although we’re not sure about IPv6 leaks. There’s no kill switch yet as of time of writing. SurfEasy operates its own DNS servers. We don’t know if the VPN servers are physical or virtual, nor whether they are owned or leased.
Torrenting is allowed, although we wouldn’t recommend it without more clarification on the logging policy and an encryption upgrade.
Support is handled through a third party.
Hotspot Shield does not store traffic logs or IP addresses associated with user activity, but it does store IP addresses to serve tracking cookies and inject advertisements into users’ browsers. These cookies can be used by third parties to serve advertisements, and Hotspot Shield says it is not responsible for how third parties use its data. Because of this, Hotspot Shield does not meet our privacy standards. The actual VPN service logs metadata including timestamps and bandwidth.
Hotspot Shield uses the Hydra VPN protocol by default. Connections are protected with 128-bit AES encryption and a 2048-bit DHE-RSA key with perfect forward secrecy.
DNS leak protection seems to work, although Hotspot Shield does not operate its own DNS servers and tells users to opt for Google DNS. The desktop app has a kill switch. The app protects against WebRTC and IPv6 leaks.
Hotspot Shield’s parent company, AnchorFree, is based in the United States. Torrenting is allowed. Bitcoin is accepted.
Missing info: authentication, physical or virtual servers, customer service
TorGuard keeps no logs of any sort.
With the strongest possible settings, OpenVPN connections use 256-bit AES channel encryption, 4,096-bit DHE-RSA key exchanges, and SHA512 authentication. Perfect forward secrecy is supported and even indicated on the app.
TorGuard operates its own DNS servers. DNS leak protection and a process-specific kill switch are built into the app.
The company is based in the United States. The company accepts Bitcoin and a wealth of other payment options. Torrenting is allowed. TorGuard customers can use a « Stealth » feature that obfuscates traffic to help bypass firewalls that utilize packet inspection.
TorGuard owns servers in some data centers and leases in others. Most are physical, but those used primarily for streaming are virtual as their IP addresses need to be regularly changed.
The company says its legal team examines all subpoenas and court orders for validity in its jurisdiction. If deemed valid, it simply explains the nature of shared IPs and the fact that no logs are stored on its servers, thus it cannot identify any of its users.
Torguard uses its own staff and servers for all email transactions with customers.
Mullvad records neither traffic nor metadata logs.
OpenVPN connections use 256-bit AES encryption, DHE-RSA 4096-bit keys, and SHA512 authentication. Perfect forward secrecy is built in.
The company operates its own DNS servers. App users avail of DNS leak protection and a built-in kill switch, but lack WebRTC leak prevention.
Mullvad is based in Sweden. Torrenting is allowed. Bitcoin is accepted.
The company owns some servers and rents others, all of which are physical.
Mullvad tells us it has never received a subpoena, but has been asked by authorities about how specific IP addresses were used. It had no information to give.
Gmail is used for email correspondence with customers. It lists a PGP key on its website should customers want to send encrypted information that can’t be accessed by Google.
A newer contender on this list, ProtonVPN is off to a strong start. The service is offered by the same Switzerland-based team that makes ProtonMail, a secure email service.
ProtonVPN keeps no traffic or metadata logs except for login timestamps. By default, connections use 256-bit AES channel encryption, SHA512 authentication, and ephemeral 2,048-bit RSA keys with perfect forward secrecy.
The apps boast built-in DNS, WebRTC, and IPv6 leak protection. ProtonVPN does use its own DNS servers. A kill switch is available on all platforms except Androidl.
Proton VPN has a « secure core » option available in the native Windows client. The secure core servers are physical servers that are owned by Proton VPN. We don’t have information on the non-secure core server’s configuration.
Proton handles Bitcoin payments and email in house. However, support requests come from a Zendesk email address and it’s not clear who processes credit card payments. Proton says the credit card information is encrypted and protected by Swiss banking secrecy laws.
If you wish to communicate with Proton on a more private medium than Zendesk, the company offers an in-house support form on its website as well as an email address using the company’s own end-to-end encrypted email service.
Extra security features include obfuscated username and password for non-native clients, the option to connect to Tor instead of the VPN from the client, and the secure core mode that’s essentially a double-VPN through Proton’s privately owned secure servers in Switzerland or Iceland.
GooseVPN doesn’t store any identifying logs, only recording the date you use the service and your device operating system.
256-bit AES encryption is used by default, paired with 2048-bit RSA keys with perfect forward secrecy.
Goose leaks. A lot. DNS, WebRTC, and IPv6 leaks are all present in the apps, and a kill switch is only available on the desktop versions. It uses public DNS servers instead of private ones.
LiveChat is a third-party service used to provide live customer support.
Torrenting is allowed, but we wouldn’t recommend it without a kill switch.
The company is based in the Netherlands, a 14 Eyes country.
Missing info: authentication hash algorithm, rent or leased servers, virtual or physical servers
Hide.me says it doesn’t store logs of any sort.
Connections are guarded with 256-bit AES encryption, HMAC SHA256 authentication, and 8192-bit DH keys with perfect forward secrecy, all sufficient to keep your data safe.
The apps include DNS, WebRTC, and IPv6 leak protection. The kill switch is only available on desktop apps. Hide.me operates its own DNS servers.
Hide.me leases physical servers for its network.
The company is based in Malaysia, which is neither a 5 Eyes or 14 Eyes country. Torrenting is allowed.
Customer support is handled through a third-party platform.
ibVPN says it keeps no logs of any kind.
Connections are secured with 256-bit AES-CBC encryption, 512-bit HMAC SHA authentication, and 2048-bit RSA keys with perfect forward secrecy.
The apps prevent DNS, WebRTC, and IPv6 leaks. Windows and Mac versions get a kill switch, but mobile devices do not. ibVPN operates its own DNS servers.
The VPN servers are a mix of physical and virtual infrastructure, which are either leased or owned by the company.
A third-party platform is used to manage customer service.
Torrenting is allowed.
The company is based in Romania, which is not a 14 Eyes country.
Ivacy says it does not store logs at all.
It uses 256-bit AES encryption paired with 2048-bit DHE-RSA keys for perfect forward secrecy.
The apps plug DNS, WebRTC, and IPv6 leaks. Unfortunately, only the Windows app has a kill switch so far. Ivacy operates its own DNS servers.
Customer support goes through a third-party platform.
Torrenting is allowed.
The company is based in Singapore, outside the 14 Eyes.
Missing info: authentication hash, owned or leased servers, virtual or physical servers
Keenow is a bit tricky to evaluate because its apps include both a smart DNS proxy service and a VPN. We will focus on the latter.
Keenow keeps a concerning amount of logs, including connection timestamps, bandwidth usage (upload and download), and the user’s real IP address. It does not log the contents of encrypted traffic, though.
While the logging policy is cause for pause, the security standards are strong. You get 256-bit AES-GCM encryption, 2048-bit ECDHE RSA keys with perfect forward secrecy, and SHA512 authentication.
When connected to the VPN, you are protected from DNS, WebRTC, and IPv6 leaks. A kill switch is available on both the mobile and desktop apps. Keenow operates its own DNS servers.
Keenow leases a mix of phyiscal and virtual servers.
All customer support is handled in house.
Torrenting is allowed.
Keenow is incorporated in Israel.
PrivateVPN stores no VPN logs whatsoever.
Encryption standards check all the boxes: 256-bit AES, SHA256 authentication, and 2048-bit RSA keys with perfect forward secrecy.
DNS, WebRTC, and IPv6 leak protection are all built into the apps. Sadly, the kill switch is only available on the Windows client for now.
LiveAgent is used to provide customer support.
Torrenting is allowed.
The company is headquartered in Sweden.
Missing info: rented or leased servers, virtual or physical servers
Speedify walks a different path than most VPNs, opting for its bespoke « channel-bonding » protocol and ChaCha encryption with SHA256 authentication.
Users’ real IP addresses are recorded, but no traffic logs.
DNS and WebRTC protection work, but we were unable to ascertain whether Speedify has IPv6 leak protection. A kill switch is available on the Android and Windows apps. The company does not operate its own DNS servers, instead opting for public ones.
The company is based in the United States. It does not accept bitcoin or other cryptocurrencies. torrenting is allowed, but we would avoid it due to IP addresses being logged.
Missing info: servers leased or owned, virtual or physical servers, customer service, IPv6 leak protection, key exchange
Windscribe only logs how much bandwidth is used in a 30-day period; no IP or traffic logs.
256-bit AES encryption protects your data, combined with SHA512 authetnication and 4096-bit RSA keys with perfect forward secrecy.
DNS, WebRTC, and IPv6 leaks are all accounted for, and Windscribe operates its own DNS servers, but the kill switch is only available on desktop.
Windscribe leases physical servers to use in its network.
The company is based in Canada, a Five Eyes country. It accepts bitcoin and allows torrenting. Customer service is handled in house.
Zenmate logs the user’s IP address, operating system, and connection timestamps.
OpenVPN connections are protected by 256-bit AES encryption, SHA256 authentication, and 2048-bit RSA keys with perfect forward secrecy. DNS, WebRTC, and IPv6 leak protection are all included, but Zenmate uses public DNS servers instead of private ones.
Zendesk is used for customer service.
Torrenting is allowed, but we wouldn’t recommend it due to logged IP addresses. The company is incorporated in Germany, a 14 Eyes country. Bitcoin is not accepted.
Missing info: leased or rented servers, physical or virtual servers
All of the information presented in this article and the accompanying table was gathered through various means. We sent every provider in this list a questionnaire, which was used to fill in the table. Next, we sought to fill in what we could by using the VPNs ourselves. We referred to our own experience, reviews, and articles. Lastly, we sifted through the websites, knowledge bases, FAQs, privacy policies, and manual configuration files provided by each VPN provider.
17 out of 30 providers responded to the questionnairre. We found that those with the best security are often the quickest to respond, as they have nothing to hide. All of the providers were given ample time–more than a month–to respond.
A few did not respond at all. If this was the case, we sought out secondary sources for information, such as external reviews and reliable forum posts. We understand that security is an ongoing process that requires regular updates, however, so we excluded any secondhand information dated more than one year old and could not be corroborated elsewhere.
In the end, some fields were left empty. In such an event, we must assume the worst and deduct points. These field are marked with a question mark (?) in the table. We are, of course, happy to amend this article and the table should a VPN provider wish to give us information after publication. In fact, we encourage it.
- Shared IP addresses are the rule rather than the exception, so we assume that all VPNs on this list use them. It’s a win-win for VPN providers, as shared IP addresses are cheaper to maintain and offer greater anonymity for customers. Very few commercial providers even offer dedicated IPs, and if they do it normally costs extra.
- We did not deduct points for using rented servers, but we do deduct for virtual or cloud servers. While owning a server gives the greatest amount of control, it also offers less flexibility. If a data center lowers its standards, it’s much easier to simply end a lease and rent a server at a different data center than moving around physical servers. Virtual and cloud servers, however, bring in an unknown third party to the mix–the physical server owner–which is why we deduct points. No matter how well secured a virtual machine is, it is far more vulnerable than a dedicated physical machine.
- External email and customer support providers typically have access to some customer information, even if it’s just an email address. That’s why we deduct points for using them. Furthermore, even if the staff do not have access to customer information, a customer might not realize they are communicating through a third party and divulge private information.
- Encryption standards are based on what is vulnerable, not necessarily what is strongest. That’s why we don’t take off points for using AES-128, for example. Even though AES-256 is stronger, both are uncrackable for now. The same goes for RSA keys and authentication. SHA1 and 1,024-bit RSA keys are vulnerable, so SHA256 (or HMAC SHA1) and RSA 2,048 set our bar. Many VPNs opt for even stronger measures, such as 4,096-bit RSA keys and SHA512, but they do not get extra points for doing so.
- Responses to subpoenas, warrants, or DMCA takedown notices: We took into account whether a provider has encountered court orders for customer information in the past and how they responded, but no points are awarded based on if they have or haven’t.
- The effectiveness of warrant canaries is a hotly debated issue, so we awarded no points for having one. If a VPN provider does have one, we made a note of it.